If you are a covered entity or business associate that needs to store or process PHI, you should use a HIPAA compliant platform. There are a number of HIPAA compliant platforms available, including Salesforce, Oracle, and Microsoft.
No, HubSpot is not HIPAA compliant. HubSpot's Terms of Service specifically state that the platform is not compliant with industry-specific regulations like HIPAA. The Terms of Service forbid the processing or storage of sensitive health information.
While HubSpot does offer a number of security features, such as data encryption and 24/7 security monitoring, these features are not enough to meet the requirements of HIPAA. In order to be HIPAA compliant, a platform must have a comprehensive security program that includes a risk assessment, security policies and procedures, and security training for employees.
If you are a covered entity or business associate that needs to store or process PHI, you should use a HIPAA compliant platform. There are a number of HIPAA compliant platforms available, including Salesforce, Oracle, and Microsoft.
If you are considering using HubSpot to store or process PHI, you should carefully review the platform's security features and limitations. You should also consult with a healthcare attorney to ensure that your use of HubSpot complies with HIPAA.